Linux Today: Linux News On Internet Time.






Intrusion detection systems: Using tripwire on Linux

Oct 03, 2011, 15:01

[ Thanks to LinuxCareer.com for this link. ]

"Intrusion Detection Systems, which will be henceforth referred to as IDS, are software applications that monitor a network for any suspicious activity, the keyword here being "monitor". The difference between an IDS and a firewall is that while the former usually just reports any unusual activity, a firewall is an application created to stop said activity. So it's basically a case of passive vs active. Like we said above, while you can use an IDS in a SOHO network, its true value is shown in larger networks with lots of subnets and valuable data. There are also IDPSs, where the extra 'P' stands for prevention, which means that an IDPS will also try to reconfigure the firewall to reflect a new threatening situation, for example, so in this case passive meets active. We will let you dig deeper in the abundant documentation on the subject, since security in general isn't the object of our article, and we will try to focus on the types of IDS, so we can get to our subject, which is tripwire."
